This volume contains the post-proceedings of the Second International Workshop on Critical Information Infrastructure Security (CRITIS 2007), that was held during October 3–5, 2007 in Benalmadena-Costa (Malaga), Spain, and was hosted by the University of Malaga, Computer Science Department.

Session 1: R&D Agenda.- Towards a European Research Agenda for CIIP: Results from the CI2RCO Project.- ICT Vulnerabilities of the Power Grid: Towards a Road Map for Future Research.- Session 2: Communication Risk and Assurance I.- An Analysis of Cyclical Interdependencies in Critical Infrastructures.- A Framework for 3D Geospatial Buffering of Events of Interest in Critical Infrastructures.- Designing Information System Risk Management Framework Based on the Past Major Failures in the Japanese Financial Industry.- Advanced Reaction Using Risk Assessment in Intrusion Detection Systems.- Session 3: Communication Risk and Assurance II.- Managing Critical Infrastructures through Virtual Network Communities.- The Structure of the Sense of Security, Anshin.- Securing Agents against Malicious Host in an Intrusion Detection System.- Session 4: Code of Practice and Metrics.- UML Diagrams Supporting Domain Specification Inside the CRUTIAL Project.- Expert System CRIPS: Support of Situation Assessment and Decision Making.- Using Dependent CORAS Diagrams to Analyse Mutual Dependency.- A Methodology to Estimate Input-Output Inoperability Model Parameters.- Session 5: Information Sharing and Exchange.- Efficient Access Control for Secure XML Query Processing in Data Streams.- An Approach to Trust Management Challenges for Critical Infrastructures.- Session 6: Continuity of Services and Resiliency.- Detecting DNS Amplification Attacks.- LoRDAS: A Low-Rate DoS Attack against Application Servers.- Intra Autonomous System Overlay Dedicated to Communication Resilience.- A Proposal for the Definition of Operational Plans to Provide Dependability and Security.- Session 7: SCADA and Embedded Security.- Application of Kohonen Maps to Improve Security Tests on Automation Devices.- Ideal BasedCyber Security Technical Metrics for Control Systems.- Designing Critical Infrastructure Cyber Security Segmentation Architecture by Balancing Security with Reliability and Availability.- Session 8: Threats and Attacks Modeling.- A General Model and Guidelines for Attack Manifestation Generation.- A Survey on Detection Techniques to Prevent Cross-Site Scripting Attacks on Current Web Applications.- Attack Modeling of SIP-Oriented SPIT.- A Malware Detector Placement Game for Intrusion Detection.- Session 9: Information Exchange and Modelling.- Modeling and Simulating Information Security Management.- Design of a Platform for Information Exchange on Protection of Critical Infrastructures.- Towards a Standardised Cross-Sector Information Exchange on Present Risk Factors.

This book constitutes the thoroughly refereed post-conferenceproceedings of the Second International Workshop on Critical InformationInfrastructures Security, CRITIS 2007, held in Benalmadena-Costa, Spain,in October 2007 in conjunction with ITCIP 2007, the first conference onInformation Technology for Critical Infrastructure Protection. The 29 revised full papers presented were carefully reviewed andselected from a total of 75 submissions. The papers address allsecurity-related heterogeneous aspects of critical informationinfrastructures and are orgaized in topical sections on R&D agenda,communication risk and assurance, code of practice and metrics,information sharing and exchange, continuity of services and resiliency,SCADA and embedded security, threats and attacks modeling, as well asinformation exchange and modeling.